Endpoint Protection

 View Only
Expand all | Collapse all

Deploying Updates

Migration User

Migration UserJul 29, 2009 11:49 AM

Migration User

Migration UserJul 29, 2009 11:53 AM

  • 1.  Deploying Updates

    Posted Jul 29, 2009 11:41 AM
    I only  want to push out updates to distribution servers that will update what is needed to make sure SEP scans for the latest malware/viruses.  I am not sure what each item is under the Product List but was curious if anyone has an idea on what exactly I need.  I dont care much about the main program updates, I just want to make sure that if a new virus/malware is released tomorrow, that only the updates that are needed to detect/remove the malware/spyware is pushed out.  

    Thanks

    Behavioral Crimeware Protection
    SESM Symantec Known Application System_lumetadata 11.0
    SESM Symantec Known Application System 11.0
    SESM Symantec Security Content A1_lumetadata 11.0
    SESM Symantec Security Content A1 11.0
    SESM Symantec Security Content A1-64_lumetadata 11.0
    SESM Symantec Security Content A1-64 11.0
    SESM Symantec Security Content B1_lumetadata 11.0
    SESM Symantec Security Content B1 11.0
    SESM Symantec Security Content B1-64_lumetadata 11.0
    SESM Symantec Security Content B1-64 11.0
    Symantec Known Application System 1.5.0

    Firewall Rules
    SESC IPS Signatures Win32 11.0
    SESC IPS Signatures Win64 11.0
    SESM IPS Signatures Win32 11.0
    SESM IPS Signatures Win64 11.0

    Product Updates
    Decomposer 1.0.0
    SEP PTS Content 6.1.0
    SEP PTS Engine Win32 6.1.0
    SEP PTS Engine Win64 6.1.0
    SESC AntiVirus Client Win32 11.0 English
    SESC AntiVirus Client Win64 11.0 English
    SESC Submission Control Data 11.0
    SESM AntiVirus Client Win32 11.0.1000 English
    SESM AntiVirus Client Win32 11.0.2000 English
    SESM AntiVirus Client Win32 11.0.3001 English
    SESM AntiVirus Client Win32 11.0.4000 English
    SESM AntiVirus Client Win32 11.0 English
    SESM AntiVirus Client Win64 11.0.1000 English
    SESM AntiVirus Client Win64 11.0.2000 English
    SESM AntiVirus Client Win64 11.0.3001 English
    SESM AntiVirus Client Win64 11.0.4000 English
    SESM AntiVirus Client Win64 11.0 English
    SESM Content Catalog 11.0
    SESM Decomposer_lumetadata 11.0
    SESM Decomposer 11.0
    SESM SEP PTS Content_lumetadata 11.0
    SESM SEP PTS Content 11.0
    SESM SEP PTS Engine Win32_lumetadata 11.0
    SESM SEP PTS Engine Win32 11.0
    SESM SEP PTS Engine Win64_lumetadata 11.0
    SESM SEP PTS Engine Win64 11.0
    SESM Submission Control Data_lumetadata 11.0
    SESM Submission Control Data 11.0

    Virus Definitions
    SESC Virus Definitions Win32 v11
    SESC Virus Definitions Win64 (x64) v11
    SESM Virus Definitions Win32 v11
    SESM Virus Definitions Win64 (x64) v11
    Symantec Security Content A1-64 Virus Definitions
    Symantec Security Content A1 Virus Definitions
    Symantec Security Content B1-64 Virus Definitions
    Symantec Security Content B1 Virus Definitions



  • 2.  RE: Deploying Updates

    Posted Jul 29, 2009 11:49 AM
    Hi presume that this is the list from the manager..


  • 3.  RE: Deploying Updates

    Posted Jul 29, 2009 11:53 AM
    correct....


  • 4.  RE: Deploying Updates

    Posted Jul 29, 2009 12:08 PM
    In this case the manager will download all of above even if you dont have them installed on the client..

    As per my knowledge it by design and it cannot be changed..



  • 5.  RE: Deploying Updates

    Posted Jul 29, 2009 12:09 PM
    Then why can you deselect the items?  Seems to me if you deselect something, it wont deploy it.


  • 6.  RE: Deploying Updates

    Posted Jul 29, 2009 12:16 PM
     If you deselect any one of these features it will not download it so it won't deploy..

    This is not from SEPM it is from Liveupdate Administrator.

    In SEPM it has few more things that you can select or unselect like..
    Submission Control Signatures etc..

    So in LUA whatever you download will get distributed.


  • 7.  RE: Deploying Updates

    Posted Jul 29, 2009 12:21 PM
    are you talking about  Deploy to client or you taking about the manager downloading the defs ?


  • 8.  RE: Deploying Updates

    Posted Jul 29, 2009 12:31 PM
    Ok, this is what I want...

    I want only the updates that will detect new malware/viruses to be DLed and deployed to distrubtion servers and I only want these updates to be applied to the clients.  This is why I posted the list of downloadable items.  I am basically trying to limit the amount of data being copied over the network. I currently have everything checked and it is taking 3 hours to copy the data to 5 diff distribution servers.

    Client updates I am not worried about. If there is a need for client updates, then I will create a seperate job for that.

    So, out of the list I posted...which items will insure I am up to date on new virus/malware defs to detect whats new?  Some are obvious, but there are some I am not sure of.

    thanks


  • 9.  RE: Deploying Updates
    Best Answer

    Posted Jul 29, 2009 12:35 PM
    Virus definitions and Firewall rules are enough to protect your network

    Virus Definitions will protetc you from all known virus and threat ( size it bigger but is  most important)
    Firewall rules --are IPS signatures that are download once or twice a week and size is almost negligible.

    Rest you can ignore


  • 10.  RE: Deploying Updates

    Posted Jul 29, 2009 12:36 PM
    So the virus definitions will also update the malware protection definitions?


  • 11.  RE: Deploying Updates

    Posted Jul 29, 2009 12:40 PM
    Virus definition is for updating signatures ofr  Virus,Spyware,malware,trojans, Unwanted fake programs..etc..any threat file on your computer..


  • 12.  RE: Deploying Updates

    Posted Jul 29, 2009 12:45 PM
    Ahh, cool...thanks for the info...

    Any idea what the items in the Behavioral Crimeware Protection section does?


  • 13.  RE: Deploying Updates

    Posted Jul 29, 2009 01:29 PM
    Behavioural Crimeware Protection --is the whitelist definition for Proactive threat Protection feature of SEP.
    It is used for Behaviour based scanning. 


  • 14.  RE: Deploying Updates

    Posted Jul 29, 2009 02:17 PM
    Then shouldnt I keep the Behavioural Cimeware Protection enabled to download updates?  Looking at the detains for Proactive Threat Protection, it does trojan and worm scanning as well as keylogger scans.


  • 15.  RE: Deploying Updates

    Posted Jul 30, 2009 03:14 AM
    but if you have virus defs..it should get detected..
    PTP is just behaviour based..
    I dont think the size of the whitlelist will be big for PTP also..